If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You need to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Logging

10-24-2018, 06:44 PM

When an authenticated user connect to the Subversion server via TortoiseSVN or SVN client, I can see the user activities in the Subversion logs. However, when he log in via the web browser, there's no log entry in the log file at all. How do I configure Apache log to show that information? Thanks.

Comment

DougR, thanks for the prompt reply. In our environment, we run SVN with Apache httpd server (by default), and we also have another Apache htttpd server to route requests to SVN Apache. In the 'another' Apache httpd server, I do see the entries when the user access SVN via the browser, but I don't see the user ID logged there, and I don't think Apache can log that info as it doesn't deal with authentication which SVN is configured to deal with. Unless I am missing something, I don't think that user ID data can be logged there.

Comment

In general, Apache is doing AuthN and AuthZ one way or another if you are using either "http:" or "https:" type URLs.

I've seen Apache do AuthZ via various "<Limit>" and "require" statements, but I consider those archaic since they are nearly impossible to properly manage with the newer SVN protocols.
The only proper way to do AuthZ at this time is via the "AuthzSVNAccessFile" statement (well, you could always choose to enable all AuthN accounts full access to the repository - that's ok if it meets your use case). To do that loading "mod_dav_svn.so" and "mod_authz_svn.so" into Apache and requiring AuthN'd accounts.

So, I'll ask: which of your 2 Apache servers has those modules loaded? Because the Apache server that has mod_dav_svn loaded should be logging those lines regardless of whether AuthN has taken place or not. Look up above and you'll find the 1st entry in both sets has "-" for the account name - that's because that access was unauthenticated.

The other question I need to ask: Is all of your access is via "http:" (or "https:")? Or is some via "svn+ssh" or just "svn" or?

Comment

You meant to load these 2 modules in the proxy reverse proxy (the Apache web server)? The authentication is happening at the SVN Apache. So by adding these 2 module at the proxy side without authentication, the user ID data will be logged in the Apache log on the proxy side?